package com.itheima.filters;

import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * @program: mm
 * @description:
 * @author: zhanghz001
 * @create: 2020-11-13 17:51
 **/
@WebFilter("/*")
public class AuthorFilter implements Filter {
    Logger logger = LoggerFactory.getLogger(AuthorFilter.class);

    private FilterConfig filterConfig;

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {

        this.filterConfig = filterConfig;
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {

        try {
            HttpServletRequest req = (HttpServletRequest) request;
            HttpServletResponse resp = (HttpServletResponse) response;

            //
            String uri = req.getRequestURI();
            if (StringUtils.isNotBlank(uri)) {
                if (uri.endsWith(".js")
                        || uri.contains(".css")
                        || uri.contains(".min")
                        || uri.endsWith(".png")
                        || uri.endsWith(".html")
                        || uri.endsWith(".jpeg")
                        || uri.endsWith(".jpg")
                        || uri.endsWith("index.jsp")
                        || uri.endsWith("login.jsp")
                        || uri.endsWith("unauthorized.jsp")
                        || uri.endsWith(".woff2")
                        || uri.endsWith(".woff")
                        || uri.endsWith(".ttf")
                        || "/".equals(uri)
                ) {
                    chain.doFilter(request, response);
                    return;
                }

                //
                String queryString = req.getQueryString();

                if (StringUtils.isNotBlank(queryString)) {
                    if (queryString.endsWith("operation=login")
                            || queryString.endsWith("operation=home")
                            || queryString.endsWith("operation=logout")
                    ) {
                        chain.doFilter(request, response);
                        return;
                    }
                }

                // /system/dept 改成system/dept
                String url = uri.substring(1);
                //
                if (StringUtils.isNotBlank(queryString)) {
                    int index = queryString.indexOf("&");
                    if (index != -1) {
                        //operation=list
                        String operation = queryString.substring(0, index);

                        //system/dept?operation=list
                        url = url + "?" + operation;

                    }
                }
                // logger.info(url);
                //登录的跳过

                //2.获取到当前登录人允许的操作
                //3.1如果允许，放行
                String authorStr = req.getSession().getAttribute("authorStr").toString();
                if (StringUtils.isNotBlank(authorStr)) {
                    //3.比对本次操作是否在当前登录人允许的操作范围内
                    if (authorStr.contains(url)) {

                        chain.doFilter(request, response);
                    } else {
                        //转发到登录

                        //3.2不允许跳转到非法访问页
                        resp.sendRedirect("/unauthorized.jsp");
                    }
                } else {

                    //3.2不允许跳转到非法访问页

                    req.setAttribute("error", "没有登录");
                    req.getRequestDispatcher("/login.jsp").forward(req, resp);
                }
            }

        } catch (Exception e) {
            e.printStackTrace();
        } finally {

        }
    }

    @Override
    public void destroy() {
//清除操作
    }
}
